Cheap User-Friendly Software Enables Credit Card and Identity Theft

The creation of malware and software applications that could be used to steal personal credit card or bank account information was once the province of professional programmers and hackers. Not anymore. Thanks in part to relatively cheap, as well as easily attainable and usable software programs, more and more amateur hackers and even non-programmers can get into the business of spreading computer viruses, committing identity theft, and stealing sensitive information.

One such software program, called Zeus, is available for $400-$700 and can actually be purchased online (1). Zeus, also known as Zbot and PRG, is a malware generation software program that can be used to send spam, steal information (e.g., bank account numbers, passwords), and infect other computers. Those computers that become infected with a Zeus application become botnets, capable of being manipulated by the malware program and also capable of infecting other computers (2).

Trusteer, a computer security firm, estimates that Zeus has infected 3.6 million, or 1%, of all computers in the United States (3). Many of these infected computers are used by banking institutions. Unfortunately, antivirus software was able to detect Zeus infection only 23% of the time. Once Zeus infects a computer, it hibernates until activated by a user. Upon activation, it starts collecting secure information. For example, a client could go to a bank's web site and attempt to log into it. The act of logging in would reactivate Zeus, whereupon it would send the login information to a third-party server.

Zeus can also be purchased as an easy-to-use "toolkit", with the user choosing which computers become infected by going through a control panel in order to analyze weaknesses in their software programs.

If a would-be hacker can initially enlist help from more professional hackers, the situation becomes even better. A professional hacker can purchase Fragus software for $800 and have it installed onto a web server. Fragus will then analyze the weaknesses of web browsers that go to the web sites hosted by this web server. If an entry point is found, Fragus will infect the browsing computer with Zeus malware. In this way, a professional hacker can not only obtain information from vulnerable computers, but he or she can also sell the installation of Zeus malware as a service for less-adept hackers.

Although banks and other companies are trying to stay abreast of Zeus and Fragus, such as by updating antiviral programs in order to recognize the "fingerprint" left behind by these software programs, hackers are also keeping pace. At the Russian site Virtest, for example, a hacker can test malware code to see if it is captured by a suite of popularly used antiviral software programs. If the code does not pass the antiviral scan, the hacker is notified and can then alter the code until the antiviral suite does not detect it.

References:

1. 'Credit card theft? There's an app for that'
http://www.newscientist.com/article/mg20527524.300-credit-card-theft-theres-an-app-for-that.html?DCMP=OTC-rss&nsref=online-news

2. UK Police Reveal Arrests Over Zeus Banking Malware
http://www.pcworld.com/article/182487/uk_police_reveal_arrests_over_zeus_banking_malware.html

3. Measuring the in-the-wild effectiveness of Antivirus against Zeus http://www.trusteer.com/files/Zeus_and_Antivirus.pdf